Brisingamen Technical Solutions

11/22/2025

Sharing the story of a moderator from a hacker discussion group who was (almost) the victim of a sophisticated EBay scam. The key takeaway is that the scammers are using STOLEN TRACKING NUMBERS, usually from compromised business/commercial shipments. This prevents the shippers from easily being able to share the information with either the victim or EBay itself.

‐‐----------------------------

Sharing a interesting fraud case that unfortunately I was a victim of recently. It was an ebay transaction and until this one I had never had a fraud issue. Against my better judgement I decided to win a $700 camera lens auction. The first red flag was a new seller, but the last 25 years having never had an issue and with eBay's guarantee I decided to take a chance. Auction ended very early in the morning on a Monday. This was also a red flag but so far nothing bad happened. Seller took a little bit but provided a tracking number. But then things started to be strange. The lens was supposed to be from Montana, but it showed up immediately in the closest big city with delivery schedule for the next day. The next morning I was home and I get an email saying the package was delivered. That was surprising since my cameras hadn't alerted me to any activity. I go out and no package. I already had an idea but was hoping that I was wrong. Contacted the seller right away. In the mean time I looked at the confirmation information and it said it was delivered and accepted by a name I wasn't familiar with.

I contacted UPS and they confirmed that the package had been delivered to the address it was sent to, but they also confirmed it wasn't my address. My hopes were sinking at this point, but I still hadn't proven fraud. The seller finally responded the next day that they had "talked to the UPS manager" and they would deliver the next day and said it was a UPS mistake. If I had doubts about whether this was fraud the sellers assurance "I have no reason to deceive you" ended that.

But now I had an interesting problem, the tracking number showed delivered to my city. UPS for privacy reasons wouldn't release the delivery address since it wasn't sent to me, and kept wanting me to contact the sender.

Ebay requires you to wait at several points before you can take certain actions. But as soon as I could I alerted that there was a problem. Then I had to wait. The seller responds with the tracking number to Ebay. I have to wait several more days. Finally I can file a claim for the item not being received. Within an hour I have a denied claim from Ebay saying that the package was delivered, this was obviously and automated system. I filed the appeal right away, but then I got to work.

A lot of time on the phone and an email to UPS's global fraud department finally got me an email confirming that the tracking number was in no way tied to my address. The problem, UPS's privacy rules prevent them giving me any information about the shipment, and the inability to get the customer service people to understand that I was dealing with a fraud issue that my believe was the tracking number was stolen from a legitimate shipment and used as false evidence of delivery. Eventually I did learn that the package originated form a parts distributor and was delivered to a local manufacturing company.

Ebay not having access to the full shipping information only sees the package being delivered to my city though.

After several communications with Ebay I as able to get my money refunded, however they still were treating it like it was being done as a courtesy. It took a lot of explaining that this was actually a fairly sophisticated fraud scheme. My guess is the tracking info is stolen from a business email compromise and then matched up to the sale. But it definitely causes issues for the buyer since they aren't a real party to the shipment associated to the tracking number.

I did end up filing an IC3 report just for tracking purposes. After some investigation I did find a few accounts of people getting hit with a similar issue but all of the ones I saw had lost the case and not gotten their money back mostly because of how difficult it is to actually get proof of what is happening.

This is a really good example of how the use of stolen data can be used to impact others that have no relation to the data. If I had not acted quickly and done the investigation I did I don't think I would have gotten my money back either. This is definitely something to consider when making purchases on Ebay, as they could easy rule against you and then you are left trying to get your bank or credit card company to do a charge back but if you don't have the proof you might lose there as well.

ADDING: Because people are missing this. I confirmed the package was legitimate, I know the shipper and the receiver of the package and the "seller" has no relation to the shipment and did not ship anything. The package was a shipment of parts from an industrial supply company to a local manufacturer and weighed 21 lbs. That is what made the whole thing interesting.

11/07/2025

https://www.linkedin.com/pulse/tale-awesome-vengeance-jen-easterly-fluorescent-ninja-eileen-coles-sllhe

I have been screaming from the rooftops since the last Presidential Election happened that voting machines in the United States are extremely vulnerable to hacking. As a Democratic poll coordinator for the last decade, I am exposed to the voting process from an inside position that gives me access t

09/05/2025

Well, so there's that. And even though this is just a drop in the bucket for Google, they're going to appeal it.

Google says the verdict “misunderstands” how its products work.

08/22/2025

"Krebs is very Revenge" is the latest giggle amongst the White Hats. He's talking about making up T shirts and coffee mugs with that. I'd buy one. :)

August 19, 2025 19 Comments A 22-year-old Oregon man has been arrested on suspicion of operating “Rapper Bot,” a massive botnet used to power a service for launching distributed denial-of-service (DDoS) attacks against targets — including a March 2025 DDoS that knocked Twitter/X offline. The J...

07/17/2025

New security exploits in Cisco and Fortinet firmware require patching immediately. Follow the link to see if your company is affected.

Cisco has issued an urgent security advisory for a critical vulnerability affecting Cisco Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC). Tracked as CVE-2025-20337, the flaw holds a CVSS score of 10.0, the highest possible severity rating. The issue allows unauthenticate...

07/10/2025

It's that time of year again. Does this situation look familiar? Guess how hot that access point and firewall are running in the rack with no fan unit to cool them? You wouldn't want to take a bath in that water. At about 140 degrees Fahrenheit, even the best equipment starts to fail. The components start melting off the circuit boards. What you see here is yet another fire hazard, with the risk made worse by the hot weather and the rack's location in a room that is not properly cooled. Those are very expensive, high end Cisco Meraki pieces and because of the way they are provisioned, they are not likely to survive to the end of August.

And don't even get me started on why the wifi access point is inside an enclosed metal rack (where it is getting cooked) when it should be mounted on the wall or ceiling, preferably in a client facing area. Guess how well their wifi works? Hint: it doesn't.

It doesn't have to be this way. If your IT equipment is badly set up, under performing and at risk for failure, talk to Brisingamen about it. 516 459-9872 or [email protected].

07/05/2025

It's "We're down hard because the IT equipment overheated" season. If you need any help with that - whether before or after it happens - by all means let me know.

- Thor Odinson Vs Surtur | Movie Clip [1080p HD] Fight SceneCredits: TM & © Disney / MarvelThis video is only made for Entertainment purpose. A...

06/20/2025

Sexism is the foundation of fascism, and with fascism currently very much in play in the United States, it's time to revisit one of the best books ever written on the subject: "Hardball For Women" by Pat Heim. I was pointed toward this epic masterpiece by a female doctor, and I honestly have to say it changed my entire perspective on sexist harassment. Understanding WHY people do things is key when you want to effect needed change and stop people from hurting you.

The important takeaway from this book is that men are wired to compete, and women are wired to cooperate. Toxic masculinity is always accompanied by a desperate, almost pathetic need to look better than the next guy - even if it overrides the communal mission or the work objective.

Men are constantly trying to tie their coworker's shoelaces together in order to appear "better". Women, being wired for cooperation, do not understand this behavior because it can - and frequently does - sabotage the entire objective.

Is it stupid? Absolutely. Is it sexist? More than you might think. At the caveman level, it's a frigging mating dance. It's a completely time-and-place inappropriate, seriously misplaced attempt to impress a mate and intimidate competitors for a female's attention. With "the boss", whether male or female, serving as the substitute for the female they are attempting to impress. While men do this to each other all the time, women in the workplace are the highest priority of the sexist to target for this behavior because our inability to understand it and our reactions to it serve as a form of "proof that we don't belong".

So nowadays when I encounter on-the-job sexist harassment (which is rare, but still happens) my understanding of it allows me to deal with it much more effectively. My feelings about it no longer interfere. I no longer have to waste time trying to figure out why it's being done, or ask myself "is it because of something I did", and wallow in the confused misery, the sadness and the rage. Most importantly I know how to fix it now, and while sometimes that is not much more than remove myself from the equation (or more to the point, remove them from mine!), I have no problem doing that.

Another key takeaway is that if someone shows you that they are a piece of s**t, believe them. No one forced them to go nosing through your car or your toolbag and move things around, put a tool of yours in their own bag, sabotage work that you've already fully completed, install one of the parts for your project in a different part of the store and claim that it never was delivered, steal parts meant for your part of the project, try to sucker punch you into doing a part of the job that you're not certified to do by law, etc. etc. Nothing YOU did is why they did this. They did this because they're a sexist as***le trying to hurt your ability to earn an honest living and impress the client base as you work with your own skills because it's more important to them to "look better than you to the boss", and you don't have to tolerate this crap or work with such people.

There are enough other guys out there who are mature adults, secure about themselves, don't have their brains swingin' in their Hanes, and only want to get the job done for the client. Find that tribe - they DO exist - and work with them instead.

The bestselling guide fully updated for the post- era For nearly two decades, has shown women how to get ahead in the business world. Whether the arena is a law firm, a medical group, a tech company, or any other work environment, decodes male business culture and shows women how to brea...

06/16/2025

I have frequently seen vendors hold corporate clients hostage to proprietary software products.

The New York Times was at the mercy of a proprietary broadsheet page layout vendor which forced them to remain on an outdated, unpatched version of Solaris, creating a security vulnerability that affected their entire network. The vendor had no real competition, since the NYT's broadsheet page format is itself antiquated.

IBM was savaging Morgan Stanley with bugs in their proprietary version of the AFS filesystem, which were causing their Sun Microsystems servers to randomly crash all over the place (they were of course trying to blame this on Sun). Sun responded by finding - and patching - the same bugs in the open source version of AFS, which they then provided to Morgan Stanley for free. In this case honest competition between vendors ended up providing the solution, and it was IBM who justly ended up with the black eye.

Then there was the CDK ransomware hack last summer which disrupted thousands of car dealership and rental businesses all across the US. CDK didn't even give the automotive client I was working with (or any of the other victims of the attack) a newer, patched version of the software. They just paid the ransom and forced their clients to reinstall the same old crap, while corporate security watched additional third party attacks still happening on their most sensitive HR systems. The client was beginning to look at alternative solutions when I left, and they were projecting a 2 to 5 year turnaround time.

By contrast this aggressive internal response to such a hostage situation took integrity, fortitude, and the willingness to hire and properly compensate an internal development team. It ended up being a huge win for Michelin.

The tire manufacturer saw costs decrease 44% after moving 450 applications to an in-house platform.

05/29/2025

The ability to perform IT work under fire is a skill that has become very badly needed in current times.

I began my career with the US Air Force, assigned to an elite unit at HQ USAFE whose members all held TS/SCI clearances. Those of us serving in the communications division were required to respond to the base within 15 minutes, 24/7/365. Our primary goal, our entire "raison d'etre" was that comms MUST be up at ALL times. Outages and downtimes on these mission critical intelligence message handling systems were unacceptable. We literally were the system admins in the infamous XCKD cartoon who would walk across broken glass and kill everything that was standing between us and our way to bringing our systems back up. Not even a joke. For real.

Many people in the US today are at risk for everything. Medical coverage, food and housing are at risk for these innocent civilian families. I have found myself needing to draw upon my skills and military training as I rock around the clock to support my community - commercial customers by day and these non-profit organizations and at-risk individuals and families who need my help by night. For some, the work is being done pro bono. It may be months before the results are seen, but I am doing my best to empower my local at-risk peeps.

I don't really spend a lot of time tooting my own horn, but recently I pulled off a universe-level hack that I am pretty proud of. My laptop bag - with approximately $1000 worth of tools in it - was stolen out of my car. A few days later I did an e-waste removal job that included a few older laptops. In record time, I managed to build one of them into something that would replace the stolen field laptop - just in time for my next job that required it.

Backups are ALWAYS the system administrator's friend. The ability to cobble together a backup system from the bitty bits around you is a non-trivial "under fire" skill that can mean the difference between life and death in a military situation. It's starting to become that urgently needed a skill in the civilian world as well. Always have backups ready - your data, your systems, your tools and your communications vectors. And if you don't have them, be ready to create them from what's around you while under fire. There are few things more valuable in the IT world than the ability to keep a cool head under fire, keep your motivation and your resourcefulness percolating, and get the job done. USAF Sergeant for the win. :)

05/20/2025

Defend yourselves.

Cover Your Tracks is a website created by the Electronic Frontier Foundation to test your browser's privacy protections. I thought I was pretty private online, but this test showed otherwise.

04/01/2025

I am very proud to have had Ethan Arriagada as an honored guest as part of Brisingamen's sponsorship of the Glen Cove Chamber of Commerce's Culinary Delights Event.

Glen Cove is blessed to have such a thriving diversity of restaurants in our area. However we must never forget the many around us who are not fortunate enough to enjoy such feasts, and who are part of our food insecure population. I sincerely hope that by inviting Ethan with Brisingamen's other sponsorship ticket, I was able to draw attention to NOSH and their critically important mission.

If I look a wee bit tired in this pic it's because I am. Hackers and phishers and malware (oh my!) have been running me ragged as I try to take care of my client base. But I do try to do the right thing with what time I have. Thank you Courtney Callahan of NOSH, Ethan, and the Glen Cove Chamber of Commerce. This was a nice break from the cyber-madness of late.